everything-claude-code-agent-harness
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads its core logic, agents, and security tools from an external GitHub repository (github.com/affaan-m/everything-claude-code) and the NPM registry (ecc-agentshield).
- [COMMAND_EXECUTION]: The harness utilizes a variety of scripting environments (Bash, Node.js, Python, and Rust) to automate installation, manage background daemons, and perform code analysis tasks.
- [DATA_EXFILTRATION]: The skill collects and stores the last 20 shell commands (via the 'history' command) into a local session file within the project directory. This data is used to provide context for the AI, but it creates an exposure risk if shell history contains sensitive environment variables or credentials.
- [PROMPT_INJECTION]: Static analysis detected patterns associated with instruction overrides. A manual review confirms these instances are part of the 'AgentShield' configuration file, which defines rules for identifying prompt injection in user input, and do not constitute an attack on the agent itself.
- [INDIRECT_PROMPT_INJECTION]: This skill possesses a significant attack surface as it ingests untrusted data from shell history, git diffs, and project files.
  - Ingestion points: Shell command history (history 20), git diff output, and local session memory files (SKILL.md, SessionStop.sh).
  - Boundary markers: The skill incorporates 'AgentShield' to analyze inputs and code for threats before processing.
  - Capability inventory: Full shell execution via hooks, filesystem read/write access, and network operations through MCP server integrations (SKILL.md).
  - Sanitization: Implements programmatic scanning of generated code and user inputs using the 'ecc-agentshield' package to detect dangerous functions and patterns.
Audit Metadata